Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability.
Link: https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnerability/136921/
Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability.
Link: https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnerability/136921/
T-Mobile alerts millions of its customers to a breach of its website that resulted in subscriber names, zip codes, phone numbers, email addresses and account numbers being stolen.
Link: https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
Restaurants in 23 states were compromised for two months.
Link: https://threatpost.com/cheddars-restaurants-bitten-by-credit-card-breach/136876/
DNC officials and Lookout believed a spoofed site was built to harvest authentication details for the Democratic voter database.
Link: https://threatpost.com/dnc-highly-publicized-phishing-attempt-was-only-a-security-test/136828/
The DNC thwarts a phishing effort aimed at its voter database, days after Microsoft’s Fancy Bear disruption and Facebook’s efforts against Iranian propaganda.
Link: https://threatpost.com/dnc-becomes-latest-target-in-series-of-election-season-attacks/136814/
Cryptojacking attacks are on the rise. We talk to security researcher Troy Mursch about why bad actors are drawn to this attack technique.
Link: https://threatpost.com/podcast-bad-packets-report-founder-on-rising-cryptojacking-attacks/136778/
An unpatched buffer overflow flaw allows remote attackers to completely take over the device and enter the home network.
Link: https://threatpost.com/belkin-iot-smart-plug-flaw-allows-remote-code-execution-in-smart-homes/136732/
Researchers launched a Proof-of-Concept attack on two Android mobile phones and an embedded system board.
Link: https://threatpost.com/side-channel-poc-attack-targets-encryption-software-glitch/136703/
The recently-patched flaw could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Link: https://threatpost.com/darkhotel-exploits-microsoft-zero-day-vbscript-flaw/136685/
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
Link: https://threatpost.com/unique-malspam-campaign-uses-ms-publisher-to-drop-a-rat-on-banks/136656/